Subject: Re: newsyslog and script execution instead of sending signal to process
To: Brett Lymn <blymn@baesystems.com.au>
From: Luke Mewburn <lukem@NetBSD.org>
List: current-users
Date: 07/18/2007 12:29:34

On Mon, Jul 16, 2007 at 04:55:34PM +0930, Brett Lymn wrote:
  | On Mon, Jul 16, 2007 at 02:49:29AM -0400, Greg A. Woods wrote:
  | >
  | > It's extremely inelegant to have newsyslog invoking other programs,
  | > never mind opening a whole new can of worms on the security front.
  | >
  |
  | There is already this wheel in Solaris called logadm - it allows
  | pre/post log roll scripts.  Having yet another cron job that is just
  | there to watch a directory and move the logs is rather inelegant in
  | itself - nevermind the race condition if the log is still in the
  | process of being rolled when it is moved/compressed.  You don't have
  | to run the scripts as root - you can always su to the correct user
  | before running the roll script (if that is really necessary).

Many years ago, I wrote a "logrot" tool for systems without a decent
log rotation tool (such as older Solaris systems).
It's even available in pkgsrc as sysutils/logrot.
Per the DESCR:
	logrot rotates log files in a safe (almost atomic) manner.
	The name of the rotated file and its destination directory
	are configurable. Signals may be sent to processes determined
	from a pid file, or arbitrary commands may be executed upon
	rotation. Optional pre-processing, compression, and post-
	processing is supported.

I use it on my NetBSD boxes because I personally can't stand
the .0, .1, ..., .n naming scheme that newsyslog(8) uses.

My crontab has entries like (split here with \ for readability):

 # rotate all my normal log files, sending -HUP to syslogd
 cd /var/log ; logrot -d old -c auth authpriv cron daemon ftp kern \
     local0 local1 local2 local3 local4 local5 local6 local7 lpr mail news \
     syslog user uucp

 # call an rc.d script to let upslog know the file was rotated
 cd /var/log ; logrot -d old -c -N "/etc/rc.d/upslog restart" ups

 # rotate squid logs, and mail a report to root after the fact
 cd /var/squid/logs ; logrot -d old -s USR1 -w 60 -p /var/run/squid.pid -c \
    -B 'case "\%f" in access*) cat "\%f" | calamaris -a | \
    mail -s "proxywww cache report" root;; esac' cache access


The tool isn't perfect by any means, but it works for me.


cheers,
Luke.
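The DESCR above names the three things a tool like this has to get right: renaming the live file (so the writer never sees a half-copied log), recreating it, and notifying the writer from a pid file or via a command. The following POSIX sh functions are an added illustration of that sequence and are not logrot's code; the function names (rotate_log, read_pidfile, notify_from_pidfile) and the timestamped naming are this example's own choices. The two checks worth noting are the refusal to rotate a symlink (a link planted in a shared log directory would otherwise move whatever it points at) and the validation of the pid file before anything is passed to kill(1).

```shell
#!/bin/sh
# Added example, not part of logrot: a minimal safe rotation in POSIX sh.
# rename(2) is atomic within one filesystem, so mv into a directory on the
# same filesystem never leaves a partially written copy behind.

# read_pidfile FILE
# Print the pid stored in FILE only if it is a single decimal number > 1.
# An empty, truncated or tampered pid file must never become a kill argument.
read_pidfile() {
    pidfile=$1
    [ -f "$pidfile" ] || return 1
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    case $pid in
        ''|*[!0-9]*) return 1 ;;   # empty, or contains a non-digit
    esac
    [ "$pid" -gt 1 ] || return 1   # never signal init (1) or "all" (0/-1)
    printf '%s\n' "$pid"
}

# notify_from_pidfile FILE SIGNAL
# Send SIGNAL (e.g. HUP, USR1) to the validated pid; fail if it is not alive.
notify_from_pidfile() {
    pid=$(read_pidfile "$1") || return 1
    kill -0 "$pid" 2>/dev/null || return 1
    kill -s "$2" "$pid"
}

# rotate_log LOGFILE DESTDIR
# Move LOGFILE to DESTDIR/<name>.<YYYYmmddHHMMSS>, refusing symlinks and
# anything that is not a regular file, then recreate an empty LOGFILE
# with owner-only permissions. Prints the path of the rotated file.
rotate_log() {
    logfile=$1 destdir=$2
    if [ -L "$logfile" ] || [ ! -f "$logfile" ]; then
        echo "rotate_log: $logfile is not a regular file" >&2
        return 1
    fi
    [ -d "$destdir" ] || mkdir -p "$destdir" || return 1
    stamp=$(date +%Y%m%d%H%M%S)
    rotated=$destdir/$(basename "$logfile").$stamp
    # Two rotations within one second: do not clobber the earlier one.
    [ -e "$rotated" ] && rotated=$rotated.$$
    mv "$logfile" "$rotated" || return 1
    (umask 077 && : > "$logfile") || return 1
    printf '%s\n' "$rotated"
}
```

A cron entry in the spirit of the ones above would call rotate_log on each file and then notify_from_pidfile with the daemon's pid file and signal; any post-processing command (compression, a report) is run on the rotated path that rotate_log prints, after the rename, so it never races the writer.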
